Pests of all kinds and how to fight them: Annoying virus! Mouse opens everything on hover! And pulls other stunts!

22.03.2012, 19:20   #1
RexRever

Hello everyone,

Today I unfortunately had to discover that I've caught an annoying virus that is playing tricks with my mouse! As soon as I move the mouse pointer over a folder, it opens without clicking! Things are going crazy in the browser too! It's the same there, except that just from moving the mouse it jumps to new pages or reloads the first one! Sometimes it also opens several windows! I can't work properly with programs or do anything at all anymore, because it's the same "phenomenon" in every program! I've also noticed that I can no longer drag selection frames, because they break off after a few cm! I don't have much knowledge about fixing viruses, which is why I'm turning to you. I would be hugely grateful for a solution!!! Thanks in advance! I hope my layman's description can help you.

Kind regards,

RexRever

22.03.2012, 19:22   #2
markusg
/// Malware-holic

Hi,
have you tried cleaning the mouse? Some of them can be opened.
If it's a wireless mouse, have you replaced the batteries?
If you have an alternative mouse, have you tested whether the same problem occurs with it?

22.03.2012, 19:25   #3
RexRever

No, my mouse is a very good wired Razer mouse, not a wireless one. It is definitely a virus! I'm currently running Norton in safe mode, and at least it is finding something here! 10 risks found so far.

But for the quick reply

Malwarebytes, for example, found nothing at all :0. I'd be really thrilled if someone could help me!

OK, the scan is finished, but it only found tracking cookies -.-*. I've been looking for a solution for 6 hours already! Pls help me!!!!!

I've now restarted the computer, but the problem persists. What else should I do?! I'm really getting desperate!

Regarding your question about the alternative mouse: I'm writing here from my secondary laptop, since it really isn't possible on my gaming PC with the virus. I've connected the mouse to the laptop here and everything works flawlessly.

22.03.2012, 20:06   #4
markusg
/// Malware-holic

Well, even if the mouse is very good, it can break or have the problems I listed; that's why I'm asking.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt here into your thread.

22.03.2012, 20:19   #5
RexRever

OK, I had to laboriously send an email from the laptop and, on the gaming PC, try what felt like 300 times to select it, which doesn't work because of the virus -.-*, but I've managed it now and it's scanning. I'll report the latest status shortly!

Thanks already!

Sorry, in the frenzy I pressed Scan instead of Quick Scan, is that bad? :0


22.03.2012, 20:39   #6
markusg
/// Malware-holic

Just keep scanning, it will work that way too, I think.

22.03.2012, 21:03   #7
RexRever

Here is the OTL.txt:
OTL logfile:
Code:
OTL logfile created on: 22.03.2012 20:17:39 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,57% Memory free
15,96 Gb Paging File | 13,23 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1052,09 Gb Free Space | 75,30% Space Free | Partition Type: NTFS
Drive D: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.22 20:13:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\24960-OTL.exe
PRC - [2012.03.13 22:20:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.11.26 11:40:56 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.11.03 19:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 09:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 09:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.08 13:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.03.21 15:57:27 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.13 22:20:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011.12.15 17:29:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.15 17:29:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.02 22:24:19 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.11.25 22:42:39 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.07.06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.16 02:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.24 14:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007.05.07 18:00:04 | 010,642,176 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2012.03.06 16:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.03.02 19:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.02.18 16:35:49 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120322.003\EX64.SYS -- (NAVEX15)
DRV - [2012.02.18 16:35:49 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120322.003\ENG64.SYS -- (NAVENG)
DRV - [2012.02.04 11:33:59 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.02.04 11:33:58 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F C4 BE B5 77 AB CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.18 16:28:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012.03.22 19:51:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012.03.14 20:39:58 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.08 20:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.12.08 20:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions
[2012.01.19 00:21:32 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Papa\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Papa\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Papa\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03B5C4AA-A3CF-4FFF-B1D6-F6A9B12D2F06}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.14 11:59:05 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.02.14 13:55:43 | 000,000,000 | R--D | M] - D:\autostarter -- [ UDF ]
O32 - AutoRun File - [2007.07.30 11:00:50 | 000,233,472 | R--- | M] () - D:\AutoStarter.exe -- [ UDF ]
O33 - MountPoints2\{396fecb6-1767-11e1-a8fc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{396fecb6-1767-11e1-a8fc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\0data\cbs.exe -- [2011.11.18 17:29:39 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{a1750e8f-1d0e-11e1-841b-50e549b67340}\Shell - "" = AutoRun
O33 - MountPoints2\{a1750e8f-1d0e-11e1-841b-50e549b67340}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.22 20:13:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Papa\Desktop\24960-OTL.exe
[2012.03.22 17:17:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes
[2012.03.22 17:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.22 17:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.22 17:17:04 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.22 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.22 10:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012.03.22 09:35:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{30936325-A95E-4B14-9F90-F12EF4511280}
[2012.03.22 09:35:00 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{55459CC8-B73E-474A-93CB-13549251DFFF}
[2012.03.22 09:18:25 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\NeocoreGames
[2012.03.21 22:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
[2012.03.21 22:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Purplehills
[2012.03.21 22:44:42 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Downloaded Installations
[2012.03.21 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{D97C6AB5-1F64-4B17-9B58-AD48398F95D2}
[2012.03.21 21:34:24 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FE2A1B8B-F513-4094-9436-8E176B55AAC5}
[2012.03.21 09:33:59 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{226A321B-DE34-40CC-BA3A-609E75FDD7FA}
[2012.03.21 09:33:48 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1A087A83-31F0-44F2-8981-FFD4FC7C61C0}
[2012.03.20 20:57:28 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2F8AD25C-BF03-4343-8F66-37B482A1259D}
[2012.03.20 20:57:17 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{7E0425F9-4C21-437B-A222-EACA98C7BBEA}
[2012.03.20 08:56:52 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1FFF1204-54C3-4413-B579-C7FFCF1D6DD5}
[2012.03.20 08:56:40 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{044CBC1B-BF57-457F-96B5-C7C28188B08E}
[2012.03.19 20:56:16 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{537FB633-D3D8-4246-9BDC-934C94F8809B}
[2012.03.19 20:56:05 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2BDE81A6-E5E0-4D30-8078-672C81A2350B}
[2012.03.19 08:55:37 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{88C80C29-9D00-4F09-931A-FBAA8D93D685}
[2012.03.19 08:55:20 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{D411F4BB-788D-45E1-9697-1A2E721009AF}
[2012.03.18 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{60C82CF2-380A-4B65-A8F7-9B8FABFD987E}
[2012.03.18 12:40:38 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{40A9CDB1-3BA1-4A30-9B0C-1790D2D6CECA}
[2012.03.17 23:44:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{ABC4B077-86D7-4903-86E5-D00AAE3BBFB2}
[2012.03.17 23:43:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{AD58B97F-2381-4A9D-9C90-7E0DAE85F9A9}
[2012.03.17 11:43:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{4A14FF93-5C88-4BFF-983A-748FF56E7DFB}
[2012.03.17 11:43:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2B2EA311-76DF-4384-9AEA-EC27F506AA82}
[2012.03.16 23:43:05 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FF0469B2-1C5E-401D-B879-E8E15CEB9B25}
[2012.03.16 23:42:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8E4CD678-2AD9-45CC-99F8-7288AC41C757}
[2012.03.16 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\Papa\.emps_cache
[2012.03.16 11:42:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{E2D3B2B9-657A-46CC-A7F4-CCD327A6571B}
[2012.03.16 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{48C1B622-C4FC-4863-8D6D-FDCF0DDEC3AC}
[2012.03.15 23:42:05 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{4BA213C2-FB4F-47F8-B38F-9C808DC70919}
[2012.03.15 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F130D0A6-49F1-4B14-962F-DD37059298E7}
[2012.03.15 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Chromium
[2012.03.15 18:38:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Funcom
[2012.03.15 18:37:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.03.15 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.03.15 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.03.15 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.03.15 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012.03.15 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1DBDD49C-A5FD-4A18-A70F-2191E6DE8F46}
[2012.03.15 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{AC9E2674-E4B6-49D2-B886-69A31320BFF7}
[2012.03.15 03:02:45 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.15 03:02:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.15 03:02:44 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 20:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.03.14 20:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar
[2012.03.14 20:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.03.14 20:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbphotozoom
[2012.03.14 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.03.14 20:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012.03.14 20:36:21 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\BitTorrent
[2012.03.14 13:44:57 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 13:44:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 13:44:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 13:44:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 13:44:11 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 13:44:11 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.14 09:58:30 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{580DD921-6533-4DA0-82EC-4E7BD46D03C7}
[2012.03.14 09:58:19 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{84384132-495A-460D-BFAF-2916FE7708A7}
[2012.03.13 21:57:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8CCD9060-20B6-42CF-8FDB-BB85D64C6A41}
[2012.03.13 21:57:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{D1FF5B5F-2E56-439D-AE31-678054ECA471}
[2012.03.13 09:57:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{328AFE05-9349-4002-A81F-DEECB1B600F3}
[2012.03.13 09:57:01 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{EC4A76A1-D0D0-424F-AA55-105D1CA08993}
[2012.03.12 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2867DADB-0AFF-4476-9094-7EF32D397930}
[2012.03.12 11:30:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8C8B7FDD-3236-49C9-8E86-B4A4F49DB7FB}
[2012.03.11 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\The Lord of the Rings Online
[2012.03.11 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\The Lord of the Rings Online
[2012.03.11 11:13:50 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Turbine
[2012.03.11 11:11:07 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\ApplicationHistory
[2012.03.11 11:09:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012.03.11 11:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012.03.11 11:04:58 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{38E5EE20-0A7B-4E81-ABF3-E48CD32D6F83}
[2012.03.11 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{49FA47B7-E895-44A2-9D9E-3A54F7978DDF}
[2012.03.11 10:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012.03.10 23:04:17 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{6B66EBBA-3FFC-4837-A075-060B7BFFFA6E}
[2012.03.10 23:04:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{473747DF-966E-416C-AB1A-6C6122C5A402}
[2012.03.10 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\ElevatedDiagnostics
[2012.03.10 00:13:01 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{808FB9DF-CA97-425F-ADCC-1DAF51F305CA}
[2012.03.10 00:12:49 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8AE4F3B2-91FD-422F-97CD-8E0AE150696F}
[2012.03.09 09:21:36 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{24BA3F27-7B4E-490F-B1B1-53DA738759EA}
[2012.03.09 09:21:26 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{5B1192A0-FC74-4AE1-91FE-11B652BBD2AC}
[2012.03.08 11:50:28 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{E613D7ED-E7A4-4B4B-AAF5-D41BE9C9F7EF}
[2012.03.08 11:50:15 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{C30A93F1-0CD4-4CD4-940A-105CFC9FF3CC}
[2012.03.07 22:16:16 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F6BCB105-0F38-47B3-AF00-7315ACFF3B2A}
[2012.03.07 08:46:29 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{87500DB7-7A66-4158-ABDA-807642FDCE8F}
[2012.03.07 08:46:18 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F09EF8C6-2393-4ECA-A8C1-25ED0AFE44FE}
[2012.03.06 20:45:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{B7B08F6D-C1D1-4F94-9D50-32EE6478910C}
[2012.03.06 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1541F8C2-2483-4FC6-A5A6-3244B8994762}
[2012.03.06 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{0CCF9FFA-36A2-4E44-A877-2CF4C0A6B0FC}
[2012.03.06 08:45:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FA03B42B-DEA9-4377-9FB6-C4086806451E}
[2012.03.05 15:38:42 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{5E452097-DACE-4122-B314-59FBD903F041}
[2012.03.05 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2F7EF1DE-8581-4465-BF70-7EC7C3223EE8}
[2012.03.04 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.03.04 23:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012.03.04 23:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.03.04 23:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.03.04 22:41:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{11FB2A0A-9602-41A8-B29C-778782EFF151}
[2012.03.04 22:41:10 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{09DE7FAC-7C77-4E18-8D3E-A2D7C66068DA}
[2012.03.04 10:40:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8CEE3772-83C7-4DE6-9069-B8E01E9CACF5}
[2012.03.04 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{DC9135CA-71FC-4EE7-BB14-EF1CCB0F7E5C}
[2012.03.03 08:31:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{917678B9-54C5-4D36-BD26-03FA1890E358}
[2012.03.03 08:31:08 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{E30ED1A7-B2BC-46E9-B3B5-C4B81F5ECA57}
[2012.03.02 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{3E5AEB04-5DEF-405A-B0B8-59C0B6B5F72E}
[2012.03.02 11:31:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{54EC3BD1-DD4B-4D46-9212-62A8EDF01216}
[2012.03.01 21:31:10 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{3B15A699-2799-4704-998C-6EFACC6C47C6}
[2012.03.01 21:31:00 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{365600D3-C70C-469A-9ADC-6B2608F0C415}
[2012.03.01 09:30:36 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{45F739A9-2260-45C4-97F7-031258F325AA}
[2012.03.01 09:30:25 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{BF9F6A04-5636-46CD-A981-A524A2DA9A52}
[2012.02.29 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{81AD12A0-BD3F-4710-8EEF-70DEEC414DE2}
[2012.02.29 09:54:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{5C88441A-E29F-4718-98A6-C0B03EB08514}
[2012.02.28 18:32:03 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{A8D9AE2B-6D65-4437-9BE9-99434D64BC50}
[2012.02.28 18:31:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F52254E1-6F6F-4C18-BD4A-DD0E045DEF2A}
[2012.02.27 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F0CB0FFE-1686-4D88-8823-EE45562ACC29}
[2012.02.27 22:43:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{4A44A2F0-A5DC-4491-B8CC-04A7ADCC4DA4}
[2012.02.27 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8C3419F1-3F5E-44F9-997C-9FD3CC90A906}
[2012.02.27 10:42:48 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{740E098C-850E-453E-951E-4D40A7926176}
[2012.02.26 14:02:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{0D6E67B2-F118-4553-8A1F-C8E6950DBFEF}
[2012.02.26 14:01:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{0426C9AE-090C-47B7-B5E6-D71ED04EE266}
[2012.02.25 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FCB4CADD-AC2E-4381-8030-8AB6CF577BE4}
[2012.02.25 16:33:09 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{CDD9230F-DF75-491C-B5FD-9D9E478C8A3A}
[2012.02.24 13:51:51 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{72BF0E7C-1E29-42D1-B788-CABACE82B18A}
[2012.02.24 13:51:35 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{CB77100D-296F-449F-88B4-4D8E9FD837F4}
[2012.02.23 16:54:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{52C72011-1936-4B6E-AEC9-2402B681815E}
[2012.02.23 16:54:18 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{C58CDDE2-C438-457F-B4CB-072D4595AF63}
[2012.02.22 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{EBA0C84F-1B1F-4EB3-8896-CDF57FCFBFD4}
[2012.02.22 22:55:03 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{216B12C2-46E1-4B9B-83BC-68FCFCD1A641}
[2012.02.22 10:49:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{9ADF9EE0-2061-40B2-8D59-E3DDF7FA2876}
[2012.02.22 10:49:32 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{A96DBC6D-7BB8-4C67-B113-AB9AC8BFE128}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 20:13:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\24960-OTL.exe
[2012.03.22 19:59:04 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 19:59:04 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 19:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 19:51:36 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.22 17:48:19 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.03.22 17:17:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 14:12:18 | 000,002,621 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2012.03.15 13:42:20 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.15 13:42:20 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.15 11:50:59 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.15 11:39:21 | 000,277,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 22:20:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.13 11:36:02 | 001,620,516 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.13 11:36:02 | 000,707,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.13 11:36:02 | 000,661,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.13 11:36:02 | 000,153,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.13 11:36:02 | 000,125,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.13 11:35:52 | 001,620,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.11 11:11:07 | 000,000,092 | ---- | M] () -- C:\Users\Papa\AppData\Local\fusioncache.dat
[2012.03.10 10:48:50 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.03.10 10:48:50 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012.02.22 13:19:13 | 583,751,675 | ---- | M] () -- C:\Windows\MEMORY.DMP
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.22 17:17:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.14 20:41:34 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.03.13 22:22:46 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.11 11:11:07 | 000,000,092 | ---- | C] () -- C:\Users\Papa\AppData\Local\fusioncache.dat
[2012.02.17 13:50:17 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.17 13:50:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.17 13:50:14 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.16 13:49:20 | 000,000,060 | ---- | C] () -- C:\Windows\Bibi_Tina.ini
[2012.01.25 14:59:33 | 001,620,516 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 16:04:03 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2012.01.19 16:03:16 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.01.19 16:02:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.01.14 12:29:06 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.01.14 12:29:06 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.01.14 12:29:06 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.01.14 12:29:05 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2012.01.14 12:29:05 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2012.01.14 12:29:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2011.11.25 22:21:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.25 22:21:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.11.25 14:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.25 14:25:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.25 14:23:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.26 19:21:31 | 000,000,000 | ---D | M] -- C:\.minecraft
[2011.11.25 14:45:23 | 000,000,000 | ---D | M] -- C:\ATI
[2012.02.16 13:49:16 | 000,000,000 | ---D | M] -- C:\Bibi_und_Tina
[2012.01.13 17:46:37 | 000,000,000 | ---D | M] -- C:\Champions Online BT FC.20.20110627.3
[2012.01.13 18:32:38 | 000,000,000 | ---D | M] -- C:\Cryptic Studios
[2011.12.02 22:39:23 | 000,000,000 | ---D | M] -- C:\Dead Island
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.25 14:23:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.20 12:02:54 | 000,000,000 | ---D | M] -- C:\Games
[2012.02.18 17:03:41 | 000,000,000 | ---D | M] -- C:\Lop SD
[2012.02.06 19:29:20 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.18 17:09:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.22 18:42:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.22 17:48:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.25 14:23:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.25 14:23:04 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.21 14:54:26 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2012.03.22 20:20:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.26 15:41:28 | 000,000,000 | ---D | M] -- C:\The Elder Scrolls V- Skyrim
[2011.11.25 14:23:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.22 18:42:03 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.27 13:28:28 | 000,000,000 | ---D | M] -- C:\__temp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.08 17:54:36 | 000,005,841 | ---- | M] () -- C:\Users\Papa\.recently-used.xbel
[2012.03.22 20:37:51 | 002,359,296 | -HS- | M] () -- C:\Users\Papa\ntuser.dat
[2012.03.22 20:37:50 | 000,262,144 | -HS- | M] () -- C:\Users\Papa\ntuser.dat.LOG1
[2011.11.25 14:23:08 | 000,000,000 | -HS- | M] () -- C:\Users\Papa\ntuser.dat.LOG2
[2011.11.25 14:47:28 | 000,065,536 | -HS- | M] () -- C:\Users\Papa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.11.25 14:47:28 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.11.25 14:47:28 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.02.18 17:49:05 | 000,065,536 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{356e5519-5a3f-11e1-ac3f-50e549b67340}.TM.blf
[2012.02.18 17:49:05 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{356e5519-5a3f-11e1-ac3f-50e549b67340}.TMContainer00000000000000000001.regtrans-ms
[2012.02.18 17:49:05 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{356e5519-5a3f-11e1-ac3f-50e549b67340}.TMContainer00000000000000000002.regtrans-ms
[2012.02.21 23:50:40 | 000,065,536 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{c5dcfcd4-5c87-11e1-851e-50e549b67340}.TM.blf
[2012.02.21 23:50:40 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{c5dcfcd4-5c87-11e1-851e-50e549b67340}.TMContainer00000000000000000001.regtrans-ms
[2012.02.21 23:50:40 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{c5dcfcd4-5c87-11e1-851e-50e549b67340}.TMContainer00000000000000000002.regtrans-ms
[2011.11.25 14:23:08 | 000,000,020 | -HS- | M] () -- C:\Users\Papa\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---

Here is the Extra.txt OTL logfile:
Code:
OTL Extras logfile created on: 22.03.2012 20:17:39 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,57% Memory free
15,96 Gb Paging File | 13,23 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1052,09 Gb Free Space | 75,30% Space Free | Partition Type: NTFS
Drive D: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.1
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 30
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D6293F2-53DA-45A1-B7F4-1843CA3B2658}" = Darkest of Days
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA179F5-EAE2-4997-B03E-989068643DBF}" = Brickshooter Egypt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.05.01.8027
"1ClickDownload" = 1ClickDownload
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Age of Conan_is1" = Age of Conan: Unchained
"BitTorrent" = BitTorrent
"Black Prophecy_is1" = Black Prophecy
"Champions Online" = Champions Online
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros._is1" = Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros. version 1
"Eastern Front" = Eastern Front
"facemoods" = Facemoods Toolbar
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Full Spectrum Warrior" = Full Spectrum Warrior (remove only)
"Graboid Video" = Graboid Video 2.4
"GTA ]I[" = GTA ]I[
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Mafia II_is1" = Mafia II
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"N360" = Norton 360
"OpenAL" = OpenAL
"Pandemonium" = Pandemonium for Windows
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"Steam App 113400" = APB Reloaded
"Steam App 1213" = Red Orchestra: Ostfront 41-45
"Steam App 13140" = America's Army 3
"Steam App 13180" = America's Army 3 Dedicated Server
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17515" = Age of Chivalry Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 300" = Day of Defeat: Source
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"TeamViewer 6" = TeamViewer 6
"Tom Clancy's Splinter Cell Conviction_is1" = Tom Clancy's Splinter Cell Conviction
"Tomb Raider: Legend" = Tomb Raider: Legend 1.2
"TV3D65_is1" = TV3D SDK 6.5 Prerelease
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Zip Uncompressor" = Zip Uncompressor
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2012 05:47:07 | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: YontooIEClient.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4f175f2b  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x5f15e36b  ID des fehlerhaften Prozesses: 0x888  Startzeit der fehlerhaften Anwendung:
 0x01cd0747921c1ca2  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: YontooIEClient.dll  Berichtskennung:
 d1e4ce86-733a-11e1-9016-50e549b67340
 
Error - 21.03.2012 07:41:14 | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x5f2ff1c9
ID
 des fehlerhaften Prozesses: 0xe94  Startzeit der fehlerhaften Anwendung: 0x01cd0748aa0c2194
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\donleone13\day
 of defeat source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 c34fb5cc-734a-11e1-9016-50e549b67340
 
Error - 21.03.2012 10:58:39 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 12:58:19 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 14:37:47 | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67c7f1c9
ID
 des fehlerhaften Prozesses: 0x6c8  Startzeit der fehlerhaften Anwendung: 0x01cd0784d4c689c7
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\donleone13\day
 of defeat source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 f42b0530-7384-11e1-80df-50e549b67340
 
Error - 21.03.2012 17:43:47 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 19:33:53 | Computer Name = Papa-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 22.03.2012 03:37:27 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.03.2012 03:42:24 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 22.03.2012 03:43:14 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1013
Description = 
 
[ System Events ]
Error - 22.03.2012 13:42:24 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:24 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:24 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---

Alt 22.03.2012, 21:06   #8
markusg
/// Malware-holic
 

Open Malwarebytes and post all logs, please.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de

Alt 22.03.2012, 21:11   #9
RexRever
 

Here is the Otl.txt OTL logfile:
Code:
OTL logfile created on: 22.03.2012 20:17:39 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,57% Memory free
15,96 Gb Paging File | 13,23 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1052,09 Gb Free Space | 75,30% Space Free | Partition Type: NTFS
Drive D: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.22 20:13:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\24960-OTL.exe
PRC - [2012.03.13 22:20:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.11.26 11:40:56 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.11.03 19:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
PRC - [2007.04.21 09:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.05.10 13:18:10 | 000,835,584 | ---- | M] () -- C:\Windows\vsnp325.exe
MOD - [2007.04.21 09:36:50 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp325.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.09.08 13:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.03.21 15:57:27 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.13 22:20:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011.12.15 17:29:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.15 17:29:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.02 22:24:19 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.11.25 22:42:39 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.07.06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.16 02:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.24 14:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007.05.07 18:00:04 | 010,642,176 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2012.03.06 16:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120321.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.03.02 19:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.02.18 16:35:49 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120322.003\EX64.SYS -- (NAVEX15)
DRV - [2012.02.18 16:35:49 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120322.003\ENG64.SYS -- (NAVENG)
DRV - [2012.02.04 11:33:59 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.02.04 11:33:58 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F C4 BE B5 77 AB CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.18 16:28:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012.03.22 19:51:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012.03.14 20:39:58 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.08 20:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.12.08 20:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions
[2012.01.19 00:21:32 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Papa\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Papa\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Papa\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03B5C4AA-A3CF-4FFF-B1D6-F6A9B12D2F06}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.14 11:59:05 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.02.14 13:55:43 | 000,000,000 | R--D | M] - D:\autostarter -- [ UDF ]
O32 - AutoRun File - [2007.07.30 11:00:50 | 000,233,472 | R--- | M] () - D:\AutoStarter.exe -- [ UDF ]
O33 - MountPoints2\{396fecb6-1767-11e1-a8fc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{396fecb6-1767-11e1-a8fc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\0data\cbs.exe -- [2011.11.18 17:29:39 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{a1750e8f-1d0e-11e1-841b-50e549b67340}\Shell - "" = AutoRun
O33 - MountPoints2\{a1750e8f-1d0e-11e1-841b-50e549b67340}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.22 20:13:40 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Papa\Desktop\24960-OTL.exe
[2012.03.22 17:17:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes
[2012.03.22 17:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.22 17:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.22 17:17:04 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.22 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.22 10:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012.03.22 09:35:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{30936325-A95E-4B14-9F90-F12EF4511280}
[2012.03.22 09:35:00 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{55459CC8-B73E-474A-93CB-13549251DFFF}
[2012.03.22 09:18:25 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\NeocoreGames
[2012.03.21 22:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
[2012.03.21 22:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Purplehills
[2012.03.21 22:44:42 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Downloaded Installations
[2012.03.21 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{D97C6AB5-1F64-4B17-9B58-AD48398F95D2}
[2012.03.21 21:34:24 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FE2A1B8B-F513-4094-9436-8E176B55AAC5}
[2012.03.21 09:33:59 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{226A321B-DE34-40CC-BA3A-609E75FDD7FA}
[2012.03.21 09:33:48 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1A087A83-31F0-44F2-8981-FFD4FC7C61C0}
[2012.03.20 20:57:28 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2F8AD25C-BF03-4343-8F66-37B482A1259D}
[2012.03.20 20:57:17 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{7E0425F9-4C21-437B-A222-EACA98C7BBEA}
[2012.03.20 08:56:52 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1FFF1204-54C3-4413-B579-C7FFCF1D6DD5}
[2012.03.20 08:56:40 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{044CBC1B-BF57-457F-96B5-C7C28188B08E}
[2012.03.19 20:56:16 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{537FB633-D3D8-4246-9BDC-934C94F8809B}
[2012.03.19 20:56:05 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2BDE81A6-E5E0-4D30-8078-672C81A2350B}
[2012.03.19 08:55:37 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{88C80C29-9D00-4F09-931A-FBAA8D93D685}
[2012.03.19 08:55:20 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{D411F4BB-788D-45E1-9697-1A2E721009AF}
[2012.03.18 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{60C82CF2-380A-4B65-A8F7-9B8FABFD987E}
[2012.03.18 12:40:38 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{40A9CDB1-3BA1-4A30-9B0C-1790D2D6CECA}
[2012.03.17 23:44:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{ABC4B077-86D7-4903-86E5-D00AAE3BBFB2}
[2012.03.17 23:43:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{AD58B97F-2381-4A9D-9C90-7E0DAE85F9A9}
[2012.03.17 11:43:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{4A14FF93-5C88-4BFF-983A-748FF56E7DFB}
[2012.03.17 11:43:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2B2EA311-76DF-4384-9AEA-EC27F506AA82}
[2012.03.16 23:43:05 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FF0469B2-1C5E-401D-B879-E8E15CEB9B25}
[2012.03.16 23:42:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8E4CD678-2AD9-45CC-99F8-7288AC41C757}
[2012.03.16 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\Papa\.emps_cache
[2012.03.16 11:42:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{E2D3B2B9-657A-46CC-A7F4-CCD327A6571B}
[2012.03.16 11:42:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{48C1B622-C4FC-4863-8D6D-FDCF0DDEC3AC}
[2012.03.15 23:42:05 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{4BA213C2-FB4F-47F8-B38F-9C808DC70919}
[2012.03.15 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F130D0A6-49F1-4B14-962F-DD37059298E7}
[2012.03.15 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Chromium
[2012.03.15 18:38:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Funcom
[2012.03.15 18:37:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.03.15 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012.03.15 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.03.15 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.03.15 17:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012.03.15 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1DBDD49C-A5FD-4A18-A70F-2191E6DE8F46}
[2012.03.15 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{AC9E2674-E4B6-49D2-B886-69A31320BFF7}
[2012.03.15 03:02:45 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.15 03:02:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.15 03:02:44 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 20:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.03.14 20:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMinent Toolbar
[2012.03.14 20:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.03.14 20:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbphotozoom
[2012.03.14 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.03.14 20:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012.03.14 20:36:21 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\BitTorrent
[2012.03.14 13:44:57 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 13:44:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 13:44:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 13:44:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 13:44:11 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 13:44:11 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.14 09:58:30 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{580DD921-6533-4DA0-82EC-4E7BD46D03C7}
[2012.03.14 09:58:19 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{84384132-495A-460D-BFAF-2916FE7708A7}
[2012.03.13 21:57:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8CCD9060-20B6-42CF-8FDB-BB85D64C6A41}
[2012.03.13 21:57:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{D1FF5B5F-2E56-439D-AE31-678054ECA471}
[2012.03.13 09:57:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{328AFE05-9349-4002-A81F-DEECB1B600F3}
[2012.03.13 09:57:01 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{EC4A76A1-D0D0-424F-AA55-105D1CA08993}
[2012.03.12 11:30:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2867DADB-0AFF-4476-9094-7EF32D397930}
[2012.03.12 11:30:41 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8C8B7FDD-3236-49C9-8E86-B4A4F49DB7FB}
[2012.03.11 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\Documents\The Lord of the Rings Online
[2012.03.11 11:41:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\The Lord of the Rings Online
[2012.03.11 11:13:50 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\Turbine
[2012.03.11 11:11:07 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\ApplicationHistory
[2012.03.11 11:09:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012.03.11 11:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012.03.11 11:04:58 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{38E5EE20-0A7B-4E81-ABF3-E48CD32D6F83}
[2012.03.11 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{49FA47B7-E895-44A2-9D9E-3A54F7978DDF}
[2012.03.11 10:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012.03.10 23:04:17 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{6B66EBBA-3FFC-4837-A075-060B7BFFFA6E}
[2012.03.10 23:04:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{473747DF-966E-416C-AB1A-6C6122C5A402}
[2012.03.10 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\ElevatedDiagnostics
[2012.03.10 00:13:01 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{808FB9DF-CA97-425F-ADCC-1DAF51F305CA}
[2012.03.10 00:12:49 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8AE4F3B2-91FD-422F-97CD-8E0AE150696F}
[2012.03.09 09:21:36 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{24BA3F27-7B4E-490F-B1B1-53DA738759EA}
[2012.03.09 09:21:26 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{5B1192A0-FC74-4AE1-91FE-11B652BBD2AC}
[2012.03.08 11:50:28 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{E613D7ED-E7A4-4B4B-AAF5-D41BE9C9F7EF}
[2012.03.08 11:50:15 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{C30A93F1-0CD4-4CD4-940A-105CFC9FF3CC}
[2012.03.07 22:16:16 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F6BCB105-0F38-47B3-AF00-7315ACFF3B2A}
[2012.03.07 08:46:29 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{87500DB7-7A66-4158-ABDA-807642FDCE8F}
[2012.03.07 08:46:18 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F09EF8C6-2393-4ECA-A8C1-25ED0AFE44FE}
[2012.03.06 20:45:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{B7B08F6D-C1D1-4F94-9D50-32EE6478910C}
[2012.03.06 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{1541F8C2-2483-4FC6-A5A6-3244B8994762}
[2012.03.06 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{0CCF9FFA-36A2-4E44-A877-2CF4C0A6B0FC}
[2012.03.06 08:45:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FA03B42B-DEA9-4377-9FB6-C4086806451E}
[2012.03.05 15:38:42 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{5E452097-DACE-4122-B314-59FBD903F041}
[2012.03.05 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{2F7EF1DE-8581-4465-BF70-7EC7C3223EE8}
[2012.03.04 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.03.04 23:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2012.03.04 23:34:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.03.04 23:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.03.04 22:41:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{11FB2A0A-9602-41A8-B29C-778782EFF151}
[2012.03.04 22:41:10 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{09DE7FAC-7C77-4E18-8D3E-A2D7C66068DA}
[2012.03.04 10:40:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8CEE3772-83C7-4DE6-9069-B8E01E9CACF5}
[2012.03.04 10:40:33 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{DC9135CA-71FC-4EE7-BB14-EF1CCB0F7E5C}
[2012.03.03 08:31:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{917678B9-54C5-4D36-BD26-03FA1890E358}
[2012.03.03 08:31:08 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{E30ED1A7-B2BC-46E9-B3B5-C4B81F5ECA57}
[2012.03.02 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{3E5AEB04-5DEF-405A-B0B8-59C0B6B5F72E}
[2012.03.02 11:31:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{54EC3BD1-DD4B-4D46-9212-62A8EDF01216}
[2012.03.01 21:31:10 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{3B15A699-2799-4704-998C-6EFACC6C47C6}
[2012.03.01 21:31:00 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{365600D3-C70C-469A-9ADC-6B2608F0C415}
[2012.03.01 09:30:36 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{45F739A9-2260-45C4-97F7-031258F325AA}
[2012.03.01 09:30:25 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{BF9F6A04-5636-46CD-A981-A524A2DA9A52}
[2012.02.29 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{81AD12A0-BD3F-4710-8EEF-70DEEC414DE2}
[2012.02.29 09:54:06 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{5C88441A-E29F-4718-98A6-C0B03EB08514}
[2012.02.28 18:32:03 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{A8D9AE2B-6D65-4437-9BE9-99434D64BC50}
[2012.02.28 18:31:53 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F52254E1-6F6F-4C18-BD4A-DD0E045DEF2A}
[2012.02.27 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{F0CB0FFE-1686-4D88-8823-EE45562ACC29}
[2012.02.27 22:43:12 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{4A44A2F0-A5DC-4491-B8CC-04A7ADCC4DA4}
[2012.02.27 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{8C3419F1-3F5E-44F9-997C-9FD3CC90A906}
[2012.02.27 10:42:48 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{740E098C-850E-453E-951E-4D40A7926176}
[2012.02.26 14:02:04 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{0D6E67B2-F118-4553-8A1F-C8E6950DBFEF}
[2012.02.26 14:01:54 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{0426C9AE-090C-47B7-B5E6-D71ED04EE266}
[2012.02.25 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{FCB4CADD-AC2E-4381-8030-8AB6CF577BE4}
[2012.02.25 16:33:09 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{CDD9230F-DF75-491C-B5FD-9D9E478C8A3A}
[2012.02.24 13:51:51 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{72BF0E7C-1E29-42D1-B788-CABACE82B18A}
[2012.02.24 13:51:35 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{CB77100D-296F-449F-88B4-4D8E9FD837F4}
[2012.02.23 16:54:31 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{52C72011-1936-4B6E-AEC9-2402B681815E}
[2012.02.23 16:54:18 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{C58CDDE2-C438-457F-B4CB-072D4595AF63}
[2012.02.22 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{EBA0C84F-1B1F-4EB3-8896-CDF57FCFBFD4}
[2012.02.22 22:55:03 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{216B12C2-46E1-4B9B-83BC-68FCFCD1A641}
[2012.02.22 10:49:43 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{9ADF9EE0-2061-40B2-8D59-E3DDF7FA2876}
[2012.02.22 10:49:32 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Local\{A96DBC6D-7BB8-4C67-B113-AB9AC8BFE128}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 20:13:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\24960-OTL.exe
[2012.03.22 19:59:04 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 19:59:04 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 19:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 19:51:36 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.22 17:48:19 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.03.22 17:17:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 14:12:18 | 000,002,621 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2012.03.15 13:42:20 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.15 13:42:20 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.15 11:50:59 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.15 11:39:21 | 000,277,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.13 22:20:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.13 11:36:02 | 001,620,516 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.13 11:36:02 | 000,707,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.13 11:36:02 | 000,661,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.13 11:36:02 | 000,153,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.13 11:36:02 | 000,125,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.13 11:35:52 | 001,620,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.11 11:11:07 | 000,000,092 | ---- | M] () -- C:\Users\Papa\AppData\Local\fusioncache.dat
[2012.03.10 10:48:50 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.03.10 10:48:50 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012.02.22 13:19:13 | 583,751,675 | ---- | M] () -- C:\Windows\MEMORY.DMP
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.22 17:17:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.14 20:41:34 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.03.13 22:22:46 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.11 11:11:07 | 000,000,092 | ---- | C] () -- C:\Users\Papa\AppData\Local\fusioncache.dat
[2012.02.17 13:50:17 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.17 13:50:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.17 13:50:14 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.16 13:49:20 | 000,000,060 | ---- | C] () -- C:\Windows\Bibi_Tina.ini
[2012.01.25 14:59:33 | 001,620,516 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 16:04:03 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2012.01.19 16:03:16 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.01.19 16:02:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.01.14 12:29:06 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012.01.14 12:29:06 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2012.01.14 12:29:06 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012.01.14 12:29:05 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2012.01.14 12:29:05 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2012.01.14 12:29:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2011.11.25 22:21:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.25 22:21:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.11.25 14:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.25 14:25:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.25 14:23:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.26 19:21:31 | 000,000,000 | ---D | M] -- C:\.minecraft
[2011.11.25 14:45:23 | 000,000,000 | ---D | M] -- C:\ATI
[2012.02.16 13:49:16 | 000,000,000 | ---D | M] -- C:\Bibi_und_Tina
[2012.01.13 17:46:37 | 000,000,000 | ---D | M] -- C:\Champions Online BT FC.20.20110627.3
[2012.01.13 18:32:38 | 000,000,000 | ---D | M] -- C:\Cryptic Studios
[2011.12.02 22:39:23 | 000,000,000 | ---D | M] -- C:\Dead Island
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.25 14:23:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.20 12:02:54 | 000,000,000 | ---D | M] -- C:\Games
[2012.02.18 17:03:41 | 000,000,000 | ---D | M] -- C:\Lop SD
[2012.02.06 19:29:20 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.18 17:09:16 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.22 18:42:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.22 17:48:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.25 14:23:04 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.25 14:23:04 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.21 14:54:26 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2012.03.22 20:20:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.26 15:41:28 | 000,000,000 | ---D | M] -- C:\The Elder Scrolls V- Skyrim
[2011.11.25 14:23:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.22 18:42:03 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.27 13:28:28 | 000,000,000 | ---D | M] -- C:\__temp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.08 17:54:36 | 000,005,841 | ---- | M] () -- C:\Users\Papa\.recently-used.xbel
[2012.03.22 20:37:51 | 002,359,296 | -HS- | M] () -- C:\Users\Papa\ntuser.dat
[2012.03.22 20:37:50 | 000,262,144 | -HS- | M] () -- C:\Users\Papa\ntuser.dat.LOG1
[2011.11.25 14:23:08 | 000,000,000 | -HS- | M] () -- C:\Users\Papa\ntuser.dat.LOG2
[2011.11.25 14:47:28 | 000,065,536 | -HS- | M] () -- C:\Users\Papa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.11.25 14:47:28 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.11.25 14:47:28 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.02.18 17:49:05 | 000,065,536 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{356e5519-5a3f-11e1-ac3f-50e549b67340}.TM.blf
[2012.02.18 17:49:05 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{356e5519-5a3f-11e1-ac3f-50e549b67340}.TMContainer00000000000000000001.regtrans-ms
[2012.02.18 17:49:05 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{356e5519-5a3f-11e1-ac3f-50e549b67340}.TMContainer00000000000000000002.regtrans-ms
[2012.02.21 23:50:40 | 000,065,536 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{c5dcfcd4-5c87-11e1-851e-50e549b67340}.TM.blf
[2012.02.21 23:50:40 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{c5dcfcd4-5c87-11e1-851e-50e549b67340}.TMContainer00000000000000000001.regtrans-ms
[2012.02.21 23:50:40 | 000,524,288 | -HS- | M] () -- C:\Users\Papa\ntuser.dat{c5dcfcd4-5c87-11e1-851e-50e549b67340}.TMContainer00000000000000000002.regtrans-ms
[2011.11.25 14:23:08 | 000,000,020 | -HS- | M] () -- C:\Users\Papa\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         

Here is the Extra.txt OTL logfile:
Code:
OTL Extras logfile created on: 22.03.2012 20:17:39 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Papa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,57% Memory free
15,96 Gb Paging File | 13,23 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1052,09 Gb Free Space | 75,30% Space Free | Partition Type: NTFS
Drive D: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.1
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 30
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D6293F2-53DA-45A1-B7F4-1843CA3B2658}" = Darkest of Days
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA179F5-EAE2-4997-B03E-989068643DBF}" = Brickshooter Egypt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.05.01.8027
"1ClickDownload" = 1ClickDownload
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Age of Conan_is1" = Age of Conan: Unchained
"BitTorrent" = BitTorrent
"Black Prophecy_is1" = Black Prophecy
"Champions Online" = Champions Online
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros._is1" = Der Herr der Ringe - Der Krieg im Norden (c) Warner Bros. version 1
"Eastern Front" = Eastern Front
"facemoods" = Facemoods Toolbar
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Full Spectrum Warrior" = Full Spectrum Warrior (remove only)
"Graboid Video" = Graboid Video 2.4
"GTA ]I[" = GTA ]I[
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Mafia II_is1" = Mafia II
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"N360" = Norton 360
"OpenAL" = OpenAL
"Pandemonium" = Pandemonium for Windows
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"STARWARS: The Battle of Endor v2.1_is1" = STARWARS: The Battle of Endor version 2.1
"Steam App 113400" = APB Reloaded
"Steam App 1213" = Red Orchestra: Ostfront 41-45
"Steam App 13140" = America's Army 3
"Steam App 13180" = America's Army 3 Dedicated Server
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17515" = Age of Chivalry Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 300" = Day of Defeat: Source
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"TeamViewer 6" = TeamViewer 6
"Tom Clancy's Splinter Cell Conviction_is1" = Tom Clancy's Splinter Cell Conviction
"Tomb Raider: Legend" = Tomb Raider: Legend 1.2
"TV3D65_is1" = TV3D SDK 6.5 Prerelease
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Zip Uncompressor" = Zip Uncompressor
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2012 05:47:07 | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: YontooIEClient.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4f175f2b  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x5f15e36b  ID des fehlerhaften Prozesses: 0x888  Startzeit der fehlerhaften Anwendung:
 0x01cd0747921c1ca2  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: YontooIEClient.dll  Berichtskennung:
 d1e4ce86-733a-11e1-9016-50e549b67340
 
Error - 21.03.2012 07:41:14 | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x5f2ff1c9
ID
 des fehlerhaften Prozesses: 0xe94  Startzeit der fehlerhaften Anwendung: 0x01cd0748aa0c2194
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\donleone13\day
 of defeat source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 c34fb5cc-734a-11e1-9016-50e549b67340
 
Error - 21.03.2012 10:58:39 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 12:58:19 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 14:37:47 | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x67c7f1c9
ID
 des fehlerhaften Prozesses: 0x6c8  Startzeit der fehlerhaften Anwendung: 0x01cd0784d4c689c7
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\donleone13\day
 of defeat source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 f42b0530-7384-11e1-80df-50e549b67340
 
Error - 21.03.2012 17:43:47 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2012 19:33:53 | Computer Name = Papa-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 22.03.2012 03:37:27 | Computer Name = Papa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.03.2012 03:42:24 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 22.03.2012 03:43:14 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1013
Description = 
 
[ System Events ]
Error - 22.03.2012 13:42:24 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:24 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:24 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.03.2012 13:42:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


How can I find the Malwarebytes log?

And how does this log help you now? I'd be very interested to know, so that I'm prepared for things like this later!

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Papa :: PAPA-PC [Administrator]

Schutz: Aktiviert

22.03.2012 17:18:00
mbam-log-2012-03-22 (17-18-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188744
Laufzeit: 2 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Papa\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Papa\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Papa\Downloads\SoftonicDownloader_fuer_epsxe.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Papa :: PAPA-PC [Administrator]

Schutz: Aktiviert

22.03.2012 17:25:05
mbam-log-2012-03-22 (17-25-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 459728
Laufzeit: 1 Stunde(n), 2 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


2012/03/22 17:17:54 +0100 PAPA-PC Papa MESSAGE Starting protection
2012/03/22 17:17:56 +0100 PAPA-PC Papa MESSAGE Protection started successfully
2012/03/22 17:17:59 +0100 PAPA-PC Papa MESSAGE Starting IP protection
2012/03/22 17:18:00 +0100 PAPA-PC Papa MESSAGE IP Protection started successfully
2012/03/22 17:22:36 +0100 PAPA-PC Papa MESSAGE Executing scheduled update: Daily
2012/03/22 17:22:37 +0100 PAPA-PC Papa MESSAGE Database already up-to-date
2012/03/22 17:23:00 +0100 PAPA-PC Papa MESSAGE Starting protection
2012/03/22 17:23:03 +0100 PAPA-PC Papa MESSAGE Protection started successfully
2012/03/22 17:23:06 +0100 PAPA-PC Papa MESSAGE Starting IP protection
2012/03/22 17:23:06 +0100 PAPA-PC Papa MESSAGE IP Protection started successfully
2012/03/22 18:34:11 +0100 PAPA-PC Papa MESSAGE Stopping IP protection
2012/03/22 18:35:01 +0100 PAPA-PC Papa MESSAGE IP Protection stopped
2012/03/22 19:53:59 +0100 PAPA-PC Papa MESSAGE Starting protection
2012/03/22 19:54:01 +0100 PAPA-PC Papa MESSAGE Protection started successfully
2012/03/22 19:54:04 +0100 PAPA-PC Papa MESSAGE Starting IP protection
2012/03/22 19:54:05 +0100 PAPA-PC Papa MESSAGE IP Protection started successfully
2012/03/22 19:57:34 +0100 PAPA-PC Papa MESSAGE Stopping IP protection
2012/03/22 19:58:26 +0100 PAPA-PC Papa MESSAGE IP Protection stopped

Here is the log that I found :0 hopefully it is something useful for you

AWESOME!!! I DID IT!

Totally weird, it was the mouse after all -.-*. Sorry for the fuss! On my laptop it works perfectly, but on the gaming PC it has dropouts ö_Ö ? Why? So the mouse is not broken after all, because yesterday it was still working on the gaming PC. ö_Ö And today, all of a sudden, dropouts, hmmmm, what could be causing that? "Sorry, even if this no longer quite fits the topic"

Alt 23.03.2012, 16:52   #10
markusg
/// Malware-holic
 
At the moment I don't see anything yet.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your anti-virus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.